ITAA fires back at e-voting critics
The vendor lobby is accusing security researchers of pushing an
open-source agenda

News Story by Dan Verton

JULY 16, 2004 (COMPUTERWORLD) - WASHINGTON -- The president of one
of the most influential IT vendor associations is accusing electronic
voting system critics, many of whom are IT security researchers, of
using the issue of e-voting security to wage a "religious war" that
pits open-source software against proprietary software.

A recent survey by the Arlington, Va.-based Information Technology
Association of America (ITAA) showed that 77% of registered voters
aren't concerned about the security of e-voting systems, and ITAA
President Harris Miller said critics who claim to be concerned about
the issue are really pushing a political agenda on behalf of the
open-source software community.

"It's not about voting machines. It's a religious war about
open-source software vs. proprietary software," Miller said in an
interview with Computerworld. "If you're a computer scientist and you
think that open-source software is the solution to everything because
you're a computer scientist and you can spot all flaws, then you hate
electronic voting machines. But if you're a person who believes that
proprietary software and open-source software can both be reliable,
then you don't hate electronic voting machines."

Kim Alexander, president of the California Voter Foundation, called
Miller's characterization "nonsense."

"Every technologist that I have worked with believes that even if we
had open-source software, we would still need a paper [audit] trail,"
said Alexander. "There would be no guarantee that the software that
was inspected by the public would be the same software that is running
on every machine in every jurisdiction in the country."

Eric Raymond, president of the Open Source Initiative (OSI), a
nonprofit organization that promotes standards and criteria for
open-source software, said Miller has the issue wrong. "Most
[e-voting] critics, including me, aren't focusing on open-source vs.
closed-source at all, but rather on the lack of any decent audit trail
of votes -- one that can't be corrupted by software. Open-source would
be nice for all the real reasons but is less important than the audit
trail."

Other supporters of voter-verifiable paper audit trails, including Avi
Rubin, a professor at the Johns Hopkins University Information
Security Institute, questioned the ITAA's decision to survey average
voters about a technical security question.

"Would they ask questions about the safety of a medical procedure of
patients or of doctors?" asked Rubin. "They should ask computer
security experts about computer security questions, not end users, who
may like the look and feel of the machines but have no way of knowing
if they are really secure."

Miller acknowledged that security has to be a top priority but stopped
short of saying that the IT security community is in agreement about
the security vulnerabilities. "There's never been a demonstrated case
of fraud other than an occasional mechanical problem," said Miller.
Asking proponents of open-source software to comment on the security
of electronic voting systems "is like asking a bunch of clergymen what
they think of premarital sex," he said.

Jim Adler, CEO of VoteHere, a Bellevue, Wash.-based developer of
secure voting technology, agreed that to date the biggest issue facing
election security and accuracy hasn't been the security of the
software used in the machines.

"The reality is that 2 million votes were lost in the 2000 election
because of machine malfunctions or machine-user interface problems. So
the long pole in the tent hasn't been security," said Adler.

However, Jeff Zaino, vice president of elections at the American
Arbitration Association in New York, the largest provider of private
election administration services in the country, said paper audit
trails for electronic systems are critical -- not only to voter
confidence but to preventing an endless number of legal challenges if
the election is close.

Only two states, Florida and California, have a manual recount law --
and in Florida, the law doesn't apply to paperless touch-screen
systems. "In principle, it's outrageous that we have secret,
proprietary voting systems," said Alexander. "We have outsourced our
elections to private companies and handed over the keys to the kingdom
to a handful of vendors. And all they have said since this debate
started is 'Trust us.'

--
Joseph Lorenzo Hall
UC Berkeley, SIMS PhD Student
http://pobox.com/~joehall/
blog: http://pobox.com/~joehall/nqb2/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================